A simple end-to-end encrypted chat built for customer support, private conversations and BlueberryS Digital products. No ads. No phone number required. Operated by BlueberryS s.r.o.
14 days free, no card. Then €9 / year.
Private messages, encrypted before they leave your device. Standard chat bubbles — no stories, no reactions on reactions.
PrivateChat is not trying to replace global messengers. It is designed as a focused private communication layer for our own products, client support and trusted conversations.
End-to-end encryption protects the content of your messages. Email-only sign-up means you are not linked to a phone number. A small subscription means we don't have to monetize your attention or metadata for ads.
PrivateChat is paid because we do not want to finance the product through ads, tracking pixels or selling attention. A simple subscription keeps the business model clean — €9 per user per year, that's the whole revenue side.
€9 a year = €0.75 a month. Transparent cost of running a paid service, instead of "free" with hidden costs.
Every message is encrypted on your device using the TweetNaCl library (Curve25519 + XSalsa20 + Poly1305). The server stores a binary blob it cannot decrypt without recipient keys.
Email is enough. No SIM card link, no identity tracking via phone number. The email you use can be an alias.
Operated by BlueberryS s.r.o. — a Slovak company. We aim for EU-oriented hosting where possible and process the minimum data needed to run the service.
We make money from subscriptions, not from your data. No advertising trackers, no third-party ad SDKs. We do not use your metadata to target ads.
Every contact has a short fingerprint code you can verify with the other person — in person, by phone, or via another channel. This helps confirm you are talking to the right person, not an imposter.
We host on EU-region infrastructure where possible. GDPR by design. Operated by a Slovak company — questions go straight to a small team, not a call center.
Questions go to info@blueberrysdigital.com. We reply within one business day, in plain language, no ticketing bots.
Transparent, no marketing fluff.
If the database were exposed or legally requested, message content cannot be decrypted without recipients' private keys, which never leave their devices. Metadata and account data, however, would be visible to whoever obtained that data.
What end-to-end encryption can and cannot do — transparently.
PrivateChat protects message content with E2EE. It does not protect against:
These are inherent properties of any E2EE messenger. We list them so you can make an informed choice.
For those who want to see what end-to-end encryption actually does — and where it stops.
E2EE = End-to-End Encryption.
Content is encrypted on your device before it leaves and decrypted only on the recipient's device. Parties in between — server, hacker, ISP — see only ciphertext; they can read the routing metadata but not the message content.
| Encryption type | Example | Server sees content? |
|---|---|---|
| None (HTTP) | old chat / notes | ✅ yes + anyone on the network |
| Transport (HTTPS) | regular websites | ✅ yes (only the path is protected) |
| Server-side | Google Docs, Dropbox | ✅ yes (server holds the key) |
| E2EE | examples: Signal, WhatsApp, PrivateChat | ❌ no (content); metadata still visible |
• "Hey, how are you?"
• crypto_box(text, dianaPub, alicePriv) → ciphertext
• { ciphertext, nonce }
• senderId, recipientId, ciphertext, nonce, timestamp
• { ciphertext, nonce } via Socket.io
• crypto_box.open(...) → plaintext
• "Hey, how are you?"
At no step does the server have a way to open the ciphertext — it doesn't have Diana's private key.
And since that key never leaves her device, not even we as the operator have any way to get to it.
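The flow above as a runnable sketch. This is an added example, not PrivateChat's code: it uses only Node built-ins, so X25519 + HKDF-SHA256 + ChaCha20-Poly1305 stand in for TweetNaCl's crypto_box (Curve25519 + XSalsa20 + Poly1305). The helper names, the ids and the timestamp are constructed for illustration.

```javascript
// Added example. Stand-in for crypto_box built from Node's crypto module
// (X25519 + HKDF + ChaCha20-Poly1305), not the XSalsa20 construction itself.
const nodeCrypto = require('node:crypto');

// Both sides derive the same symmetric key from (own private, other's public).
function sharedKey(myPriv, theirPub) {
  const secret = nodeCrypto.diffieHellman({ privateKey: myPriv, publicKey: theirPub });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'box-demo', 32));
}

// Sender side: returns { ciphertext, nonce }; the 16-byte Poly1305 tag is appended.
function seal(text, theirPub, myPriv) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('chacha20-poly1305', sharedKey(myPriv, theirPub), nonce, { authTagLength: 16 });
  return { ciphertext: Buffer.concat([c.update(text, 'utf8'), c.final(), c.getAuthTag()]), nonce };
}

// Recipient side: plaintext, or null if the key is wrong or the blob was altered.
function open({ ciphertext, nonce }, theirPub, myPriv) {
  const d = nodeCrypto.createDecipheriv('chacha20-poly1305', sharedKey(myPriv, theirPub), nonce, { authTagLength: 16 });
  d.setAuthTag(ciphertext.subarray(-16));
  try {
    return Buffer.concat([d.update(ciphertext.subarray(0, -16)), d.final()]).toString('utf8');
  } catch {
    return null; // authentication failed
  }
}

function demo() {
  const gen = () => nodeCrypto.generateKeyPairSync('x25519');
  const alice = gen(), diana = gen(), server = gen(); // constructed key pairs
  const sealed = seal('Hey, how are you?', diana.publicKey, alice.privateKey);
  // What the server stores and relays (field names from the flow; values constructed).
  const record = { senderId: 'alice', recipientId: 'diana', ...sealed, timestamp: 1700000000 };
  const tampered = { ...record, ciphertext: Buffer.from(record.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // one bit changed in storage or transit
  return {
    diana: open(record, alice.publicKey, diana.privateKey),
    server: open(record, alice.publicKey, server.privateKey), // no recipient key
    tampered: open(tampered, alice.publicKey, diana.privateKey),
  };
}
```

Only the holder of Diana's private key recovers the text; a party holding the stored record and the public keys gets `null`, and so does Diana if the blob was modified.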
| Adversary | Without E2EE | With E2EE (PrivateChat) |
|---|---|---|
| Passive network sniffer (WiFi, ISP) | sees ciphertext (HTTPS protects) | sees ciphertext |
| Server admin | can read everything | can't read content |
| Server hack (DB dump) | all messages leaked in plaintext | ciphertexts leaked — unreadable |
| Legal subpoena | server has to hand over content | server hands over binary blobs + metadata |
| Ex-employee | can download a DB copy | binary blobs without keys are useless |
| MITM with a fake public key | solved by fingerprint verification (✓ verified) | |
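
Why comparing fingerprints exposes a substituted public key, as an added example (not PrivateChat's code). The page does not specify how its fingerprint code is computed, so the format here is an assumption: SHA-256 over both raw public keys in sorted order, shown as six groups of five digits.

```javascript
// Added example. The fingerprint format is hypothetical, chosen for illustration.
const nodeCrypto = require('node:crypto');

// Raw 32-byte X25519 public key: the last 32 bytes of its SPKI DER encoding.
function rawPublicKey(keyObject) {
  return keyObject.export({ type: 'spki', format: 'der' }).subarray(-32);
}

// Order-independent code over the two keys a conversation is using, so both
// devices display the same digits when they hold the same pair of keys.
function fingerprint(pubA, pubB) {
  const [lo, hi] = [pubA, pubB].sort(Buffer.compare);
  const digest = nodeCrypto.createHash('sha256').update(lo).update(hi).digest();
  const groups = [];
  for (let i = 0; i < 6; i++) {
    groups.push(String(digest.readUInt32BE(i * 4) % 100000).padStart(5, '0'));
  }
  return groups.join(' ');
}

function demo() {
  const gen = () => nodeCrypto.generateKeyPairSync('x25519');
  const alicePub = rawPublicKey(gen().publicKey);  // constructed keys
  const dianaPub = rawPublicKey(gen().publicKey);
  const fakePub = rawPublicKey(gen().publicKey);   // key swapped in for Diana's

  // Honest key exchange: each device hashes the same pair of keys.
  const honest = fingerprint(alicePub, dianaPub) === fingerprint(dianaPub, alicePub);

  // Substituted key: Alice's device was handed fakePub as "Diana".
  const aliceSees = fingerprint(alicePub, fakePub);
  const dianaSees = fingerprint(dianaPub, alicePub);
  return { honest, substitutionDetected: aliceSees !== dianaSees, sample: aliceSees };
}
```

The comparison only helps if the two codes are read out over a channel the server does not control, which is why the page suggests in person, by phone, or via another channel.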
E2EE protects content, not metadata. The server still sees:
This metadata problem is shared by Signal and WhatsApp too. Full solutions require Tor / mixnets / Sealed Sender. For most use cases the metadata leak is a smaller problem than content leak.
PrivateChat uses well-known cryptographic primitives via the TweetNaCl library:
• Curve25519 — key exchange (asymmetric)
• XSalsa20 — stream cipher (symmetric content encryption)
• Poly1305 — MAC (integrity — prevents ciphertext tampering)
Note: PrivateChat does not implement the Signal Protocol or Double Ratchet. We use these established NaCl primitives directly for simple 1:1 encrypted messages. For a comparable feature set in a more battle-tested protocol (group ratcheting, sealed sender, etc.), Signal remains the reference implementation.
In short: E2EE means the content of your messages stays between you and the recipient. Server breaches or legal requests can expose metadata and ciphertexts, but not the messages themselves — provided your device keys stay safe.
Just an email address, no phone number. Magic link verification, optional password. On first login a keypair is generated directly on your device.
Send them a signup link. After they're in, public keys are exchanged between you — from then on you can chat encrypted. No install, runs in the browser.
Every message is encrypted before sending. Delivery via WebSocket is sub-second. We see nothing — only that you sent a blob of bytes to someone.
No freemium, no ads. Subscription is our only revenue source — that's how we can keep your data private.
Pricing applies to the first 1,000 users at launch — they keep €9/year forever. Standard pricing may rise later.
Message content is end-to-end encrypted using Curve25519 + XSalsa20 + Poly1305 (TweetNaCl). The recipient's private key never leaves their device, so the server stores only ciphertexts it cannot decrypt. As the operator we have no technical way to read message content. We do see metadata (sender, recipient, timestamps) needed to deliver the message — see the "Important limitations" section above for the full picture.
WhatsApp and Messenger are built for mass communication and rely on a phone number for identity. PrivateChat serves a different need — a private channel without phone-based identity, hosted by a small Slovak company, paid for via subscription instead of ads. If WhatsApp works for you, keep using it. PrivateChat is for situations where a paid, focused private channel makes sense — client communication, small teams, family circles, or BlueberryS Digital products.
We'll send you a magic link via email to recover the account. But old messages from before key loss cannot be recovered — by E2EE design we can't decrypt them; the key is only on your device.
Yes. The operator is BlueberryS s.r.o., ID 50 724 428, a Slovak company. We process the minimum data and no message content. Your account and all data are deleted within 30 days of request.
Anytime, one click in settings (Stripe Customer Portal). Subscription runs until the end of the period you paid for, then the account expires. EU 14-day refund policy applies automatically.
A small subscription is how we pay for the service: EU-region hosting, GDPR work, support, and ongoing development. It also means we don't need to fund the product through ads or by selling metadata. €9/year ≈ €0.75/month is the actual cost of running a paid service transparently, instead of "free" with a different bill paid in attention and data.
PrivateChat is live in beta — primarily a private communication layer for our own products, client support and small trusted circles. It is not aimed at replacing global messengers for mass communication. If you run client support, a small team, or a family group that wants a paid private channel without ads, it's likely a good fit.
Launch the app, sign up with email — your keypair is generated right in the browser. 14 days free, no card. You're among the first 1,000 — €9/year forever, even if we raise the price later.
Sign up via magic link (no password) — we send one email with a sign-in link. No tracking, no ad cookies.
Questions? Email info@blueberrysdigital.com.